Brief Summary

The first step to perform a Web Service Test is to determine the WS entry points and the communication schema: this is described in the WSDL associated with the WS.

Black Box Testing and example

Zero Knowledge
Normally you will have a WSDL path to access the Web Service, but if you have zero knowledge about it, you will have to use UDDI to find a specific service.
Web Services have three critical building blocks – UDDI, WSDL and SOAP. There is a third intermediate player facilitating communication between the consumer and supplier, referred to as Universal Business Registry (UBR).
There are several ways to find a WSDL: the easiest is to run a query in a public search engine. For example, if you have to assess a public WS at example.com, on google.com you can type:

inurl:wsdl site:example.com

and you will find all of Example's public WSDLs.
Net Square wsPawn is a useful tool that acts as a Web Services Consumer: it queries the UBR and looks for services matching the requirements. The UBR then supplies the list of available services. The Web Services Consumer chooses one or more of them and requests an access point or endpoint for these services, which the UBR supplies. From this moment, the Web Services Consumer approaches the Web Services Supplier's host/IP address (WSDL) and starts accessing the service.

WSDL endpoints
When a tester accesses the WSDL, they can determine the access point and the available interfaces for the web services. These interfaces or methods take inputs using SOAP over HTTP/HTTPS. If these inputs are not defined well at the source code level, they can be compromised and exploited.
For example, given this WSDL endpoint:

This WS simply receives a logical name (EnterURL) as input and returns the corresponding IP address as output. So we have GetURLIP as the method of the WS and EnterURL (string) as its input.
In this way we have identified the WS entry point and we are ready to test it.
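
An added example (not part of the original page): a small Python parser that lists the entry points a WSDL exposes, namely the service URLs, the operations and their input parameters. The sample WSDL is constructed for illustration around the GetURLIP method and EnterURL input described above; the host ws.example.com, the service name Dns and the file dns.asmx are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
      "xs": "http://www.w3.org/2001/XMLSchema"}

# Constructed, trimmed WSDL for illustration; host and names are placeholders.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:tns="http://ws.example.com/" targetNamespace="http://ws.example.com/">
  <types><xs:schema targetNamespace="http://ws.example.com/">
    <xs:element name="GetURLIP"><xs:complexType><xs:sequence>
      <xs:element name="EnterURL" type="xs:string"/>
    </xs:sequence></xs:complexType></xs:element>
  </xs:schema></types>
  <message name="GetURLIPSoapIn"><part name="parameters" element="tns:GetURLIP"/></message>
  <portType name="DnsSoap"><operation name="GetURLIP">
    <input message="tns:GetURLIPSoapIn"/></operation></portType>
  <service name="Dns"><port name="DnsSoap" binding="tns:DnsSoap">
    <soap:address location="http://ws.example.com/dns.asmx"/></port></service>
</definitions>"""

def local(qname):
    """Drop a namespace prefix such as 'tns:' from a QName."""
    return qname.split(":")[-1]

def entry_points(wsdl_text):
    """Return the service URLs and each operation's input parameters."""
    # A WSDL needs no DTD; refuse one rather than risk entity expansion.
    if "<!DOCTYPE" in wsdl_text or "<!ENTITY" in wsdl_text:
        raise ValueError("unexpected DTD/entity declaration in WSDL")
    root = ET.fromstring(wsdl_text)
    elements = {}   # schema element name -> [(parameter, type)]
    for el in root.findall("wsdl:types/xs:schema/xs:element", NS):
        elements[el.get("name")] = [
            (p.get("name"), local(p.get("type", "")))
            for p in el.findall("xs:complexType/xs:sequence/xs:element", NS)]
    messages = {}   # message name -> schema element it carries
    for m in root.findall("wsdl:message", NS):
        part = m.find("wsdl:part", NS)
        messages[m.get("name")] = local(part.get("element", "")) if part is not None else ""
    ops = {}        # operation name -> input parameters
    for op in root.findall("wsdl:portType/wsdl:operation", NS):
        inp = op.find("wsdl:input", NS)
        msg = local(inp.get("message", "")) if inp is not None else ""
        ops[op.get("name")] = elements.get(messages.get(msg, ""), [])
    urls = [a.get("location") for a in root.findall("wsdl:service/wsdl:port/soap:address", NS)]
    return {"endpoints": urls, "operations": ops}
```

Calling `entry_points(SAMPLE_WSDL)` yields the endpoint URL and the GetURLIP operation with its single string input, which is the inventory of inputs to cover in later tests.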

Web Services Discovery
Web Services consumers need a simple and standardized way to find the Web Services available from remote servers.
There are two ways to discover Web Services: DISCO and UDDI.
Web Service Discovery (DISCO) is one way to discover the URLs of WSDL descriptors and other XML documents, such as Schema Definition Documents (.xsd).

WS Well Known Naming
Common Web Services platforms have a naming convention for offering WSDL documents. This naming convention can be used to retrieve a WSDL by probing URIs or through queries to a web search engine.

Some URLs that we can use are for example:

http://<webservice-host>:<port>/<servicename>
http://<webservice-host>:<port>/<servicename>.wsdl
http://<webservice-host>:<port>/<servicename>?wsdl
http://<webservice-host>:<port>/<servicename>.aspx?wsdl
Instead of the .aspx extension we can also use the .ascx, .asmx and .ashx extensions.
The same applies with ?disco instead of ?wsdl.

Search for public Web Services
The seekda Web Services Search Engine can help to find public Web Services with related descriptions.
To find Web Services, just type a keyword into the seekda Web Services Search Engine. We can also browse by several other criteria, such as Tag Cloud, Services by Countries and Most Used Services.
http://seekda.com

UDDI Browser
A very useful online UDDI tool for browsing and searching public UDDI resources is offered at http://www.soapclient.com.
As we can see, we can use two operators, Microsoft and Xmethods.

The service offers, for example, a search of all UDDI entries for a specific string in business names, service names or service types.

Advanced UDDI browsing

We can search private UDDI registries using the Advanced feature of the UDDI browser.

This service allows dynamic interaction with Web services.
Soapclient offers other methods for discovering web services, and useful links to other resources.

Command line interaction
Sometimes it is useful to interact with web services from the command line.

Simple SOAP Client - SOAPClient4XG
SOAP Client for XML allows you to make a SOAP request from the command line, for example: